You probably do not have the unlimited jurisdiction policy files in the right place.
It is very common for admins to think that the new policy files go in the usual <cfusion>/lib directory. But they actual go in the <cfusion>/jre/security/lib directory (unless you're on a Mac, then they go in JAVA_HOME/security/lib).
You also need to restart once you get the policy files in place.
I tested your script on my local machine, which does have the unlimited strength policy and it worked fine.
Oh, and your IV is too long. Shorten it by 16 charatcers. It should only be 128-bit, not 192-bit.
Thanks Jason. I was hoping that you would see this and reply to me. I saw many of your posts and your expertise as well as willingness to help others is greatly appreciated. I will apply your suggestions and post my results later. Thanks, Paul B.
Jason, it works fantastic. My files where in ther correct directory... I somehow didn't connect that the IV length is 192. And I red your post that explains the IV length ( http://forums.adobe.com/message/4545840#4545840 ) . Thank you Jason.
Jason, one more quick question. I have installed CF10 developers version server. The v10 structure is a bit different from v9. For example the Policy 6 files for the AES 256 encryption are found in \\ColdFusion10\jre\lib\security. So, when I run my code i keep getting the
The key specified is not a valid key for this encryption: Illegal key size.
What would be the solution here? How come the version 10 of the server has it differently than version 9? Any "enlightment" is greatly appreciated.
Verison 10 is different from 9 because they run on different servlet containers. CF 10 uses Tomcat, CF 9 uses JRun, so things are in different places.
\\ColdFusion10\jre\lib\security seems like the correct locaiton for the policy files to me. I actually gave you the wrong locations in my original post (sorry about that). According to the installation instructions they belong in <java-home>\lib\security, which is looks like you've found.
So something else is wrong. Here are some things to look at, in no particular order:
1. Are you using a JVM other than the Java 1.6 that comes with CF10?
2. Did you restart Tomcat after coping the files in?
3. Note that I keep saying FILES, did you copy BOTH of th .jar files from the JCE folder you unzipped into the security directory. It should have prompted you to overwrite existing files.
4. Did you try unzipping the files and copying them in again, on the chance that they did not overwrite the originals?
Sorry, I don't have CF10 installed to give this a try. But I have no reason to believe that it would not work in 10. It's all just JCA/JCE on the underlying JAVA, and I have heard no reports from anyone else that it doesn't work.